Posted

Hi,

I am totally non-technical :blink: but have done my best to follow the PC cleanup.

Other people have access to my PC: 2 irresponsible teenagers and someone a lot more technical than me. Lately my PC has been taking forever to start up and it sometimes hangs at startup :fish: (I just reboot until it works). Slightly weird things have been happening, like dialling tones (I do not think I have a modem, and am not even sure if it is relevant).

Is there anything obviously wrong with this? :P

TY in advance for looking at it

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:17:27, on 9/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\dlbucoms.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\O2\bin\sprtsvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Aero\Desktop\Download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://*.broadband.o2.co.uk

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ukf01.airspan.com/CACHE/stc/1/binaries/vpnweb.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--

End of file - 8310 bytes

  • Administrator
Posted

Did any of the anti-spyware programs find anything? At a glance I don't see anything malicious.

You'll definitely want to uninstall any/all toolbars.

Posted

TY for looking at it

Did any of the anti-spyware programs find anything? At a glance I don't see anything malicious.

Oh umm, yes they did but I didn't think to make notes. I just clicked 'fix the problem'. It was not many; there were 10 very similar things listed as a possible trojan and in another program 2 things that I looked up on the net that seemed to be regarded as false positives, but I got rid of them anyway.

You'll definitely want to uninstall any/all toolbars.

I went to add/remove programs and uninstalled the Google toolbar....I think I have done this before and it comes back.

I did not find anything called Windows Live toolbar, so I randomly removed Windows Live stuff and it seems to have gone.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:37:52, on 9/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\dlbucoms.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\O2\bin\sprtsvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Aero\Desktop\Download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://*.broadband.o2.co.uk

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ukf01.airspan.com/CACHE/stc/1/binaries/vpnweb.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--

End of file - 7629 bytes

Posted

The hanging at startup could be due to the auto-update bug we've been discussing on another thread. You're vulnerable to this if your computer is running Win XP, has 1 GB RAM or less, and you've opted in to Microsoft Update (Windows Update is the default update site for XP, if there's also a Microsoft Update link in your Start Menu, you have opted in to it).

To confirm this is the problem, open the Task Manager while the computer is hanging (press Ctrl+Alt+Delete). See which processes have high CPU and Mem Usage; if wuauclt.exe and one svchost.exe are using all your resources, it's the update bug.

For more information, see this thread. Discussion of this starts in post #10, a workaround is in post #13.

  • Administrator
Posted

Since the scanners found things you may want to run a full scan with MBAM and then SAS.

Posted

TY for the answers

The hanging at startup could be due to the auto-update bug we've been discussing on another thread. You're vulnerable to this if your computer is running Win XP, has 1 GB RAM or less, and you've opted in to Microsoft Update (Windows Update is the default update site for XP, if there's also a Microsoft Update link in your Start Menu, you have opted in to it).

To confirm this is the problem, open the Task Manager while the computer is hanging (press Ctrl+Alt+Delete). See which processes have high CPU and Mem Usage; if wuauclt.exe and one svchost.exe are using all your resources, it's the update bug.

For more information, see this thread. Discussion of this starts in post #10, a workaround is in post #13.

I am running XP, I have no idea how much RAM. :P

I couldn't open Task Manager or do anything when the PC hung this morning. So I went ahead and did the workaround anyway (after 3 reboots).

I have a few questions that may seem silly, but I don't know....

As I have 4 users on the PC I don't have to do it for each user account do I?

Why did you say you do not use windows live, how does that affect this? I use hotmail for some emails, I think that is related to windows live?

Tarun, ty I will get to that after seeing what the above does to the PC

Posted

I guess that's another way to test - try the workaround and see if the problem goes away. Let's hope it does. You should still run those scans Tarun recommended, though.

To check how much RAM you have, go to Start > My Computer, click "View system information" in the sidebar; in the General tab (which it should open to), under Computer:, it has info on your CPU and RAM.

You don't need to do the workaround for the other user accounts.

Using Windows Live doesn't affect this problem at all, I was just saying that I'm not concerned about keeping Windows Live components up to date. Once you disable Microsoft Update, you no longer get automatic updates to Windows Live components - or Microsoft Office, or Silverlight (if installed). MS Office is the only one of those I care about.

Hopefully, Microsoft will fix this problem soon and we can all re-enable Microsoft Update permanently.

Posted

The Microsoft Update problem has been fixed, you should re-enable it now. Since uninstalling the software removes your MS Update link, here's one: Microsoft Update

You can expect it to cause a hang the first time it runs due to the old detection logic being cached on your computer, but after that there'll be no more problem.

Check out James_A's post on the subject.

Posted

TY again for the help.

I am still having problems at start-up and just after, my pc freezes and nothing can be done. After about 3 reboots it works ok.

I now know I have 2.50 GB RAM ?

I followed the instructions to re-enable Microsoft update.

Assuming SAS is SUPERAntiSpyware and MBAM is Malwarebytes….

I ran SAS again and it found 19 tracking cookies and 2 trojans – the same as before, I think.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 09/14/2010 at 10:02 AM

Application Version : 4.42.1000

Core Rules Database Version : 5463

Trace Rules Database Version: 3275

Scan type : Complete Scan

Total Scan Time : 01:35:09

Memory items scanned : 527

Memory threats detected : 0

Registry items scanned : 7850

Registry threats detected : 0

File items scanned : 49443

File threats detected : 21

Adware.Tracking Cookie

gw.callingbanners.com [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]

ia.media-imdb.com [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]

stat.easydate.biz [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]

C:\Documents and Settings\Sam\Cookies\Sam@adserver.adtechus[1].txt

C:\Documents and Settings\Sam\Cookies\Sam@adserver.mmoguru[1].txt

C:\Documents and Settings\Sam\Cookies\Sam@advertising[2].txt

atdmt.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

cdn.insights.gravity.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

cdn5.specificclick.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

m.uk.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

m1.emea.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

media.disneyinternational.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

media1.clubpenguin.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

s0.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

secure-us.imrworldwide.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

spe.atdmt.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

static.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

track.omguk.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

C:\Documents and Settings\Julia\Cookies\Julia@marketlive.122.2o7[1].txt

Trojan.Agent/Gen-FakeAlert

C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165513.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165514.EXE

Then I ran Malwarebytes; it ran for 2 hours and found nothing, but when I tried to look at the log I got an error (error at line 1. Line txt Malwarebytes’ Antimalware 1.44. Err this line does not contain a recognised action)

  • Administrator
Posted

You just have a trojan in your System Restore according to the SAS log. Create a new SR point and then clean out all but the most recent via cleanup in Tools tab for your hard drive.

Also, your MBAM is out of date according to that log. 1.46 is the latest.

Posted

I am still having problems at start-up and just after, my pc freezes and nothing can be done. After about 3 reboots it works ok.

I now know I have 2.50 GB RAM ?

Hmmmm. That doesn't sound healthy. Maybe we will have to look for another cause.

Do you have a current backup of all important documents, photos etc. on your PC?

Posted

You just have a trojan in your System Restore according to the SAS log. Create a new SR point

I don't know how to create a new SR but I will work on it - may take me some time...

and then clean out all but the most recent via cleanup in Tools tab for your hard drive.

I hate to sound all girly but could you be a little more specific, I have no idea what this means.

edit - I found this, I hope it was right...

http://www.lockergnome.com/windows/2005/04/12/delete-system-restore-points-to-free-disk-space/

Also, your MBAM is out of date according to that log. 1.46 is the latest.

Yes, when I click update I get an error message, I thought I would try to deal with that later.

Hmmmm. That doesn't sound healthy. Maybe we will have to look for another cause.

Do you have a current backup of all important documents, photos etc. on your PC?

Umm no, but I have asked someone to show me how to get all photos on to disk. I have lost everything before, and this is very worrying.

  • Administrator
Posted

That URL was indeed correct.

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx <-- See Create Restore Points Manually. After you've made a System Restore point, run cleanmgr.exe from the link you listed and it will remove all except the latest restore point.

For MBAM 1.46, use AMT to get it. :dribble:

I'm thinking there might be a hardware issue. Does this happen if you boot into Safe Mode?

Posted

For MBAM 1.46, use AMT to get it. :dribble:

OK I worked out what AMT is and have done that - will leave it running over night.

edit: it ran, and did not find anything but I cannot see the log, I have the same error as before

(error at line 1. Line txt: Malwarebytes’ Antimalware 1.46 Error: this line does not contain a recognised action)

I'm thinking there might be a hardware issue. Does this happen if you boot into Safe Mode?

no idea

as it happens I do know how to get into safe mode - but I have no idea what to do when I am there...

Posted

For MBAM 1.46, use AMT to get it. :hello:

OK I worked out what AMT is ...

For those who haven't, or who have forgotten, :dribble: try this link: Anti-Malware Toolkit.

The only time I've seen

Error: this line does not contain a recognised action

it was in AutoHotkey, not in MBAM.

  • Administrator
Posted

no idea

as it happens I do know how to get into safe mode - but I have no idea what to do when I am there...

Did you experience any of the mentioned symptoms booting into Safe Mode?

Posted

Did you experience any of the mentioned symptoms booting into Safe Mode?

No, and it has not happened for the past 2 days now. Have we solved it? Any idea how?

James, it is definitely a MBAM error when I try to see a log file, I would show you but I don't know how :(

  • Administrator
Posted

It's possible the removal of malware may have resolved the issue, or some maintenance you did may have fixed it.

  • Administrator
Posted

The issue this thread has been opened for has been resolved.

If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup

It is recommended that you review our PC Security wiki page to help secure your computer and protect it.

This topic is now closed to further replies.